Use cert-manager to generate certs for tests (apache#306)

* Use cert-manager to generate certs for tests * Install Cert-Manager in test env ### Motivation Currently, we use hard coded certificates for the tests. Instead, we can use Cert Manager to generate the certificates. The primary benefit of this change is that it ensure we're testing the cert manager integration. ### Modifications * Remove `.ci/tls` directory since we no longer need these certs. * Remove `scripts/pulsar/clean_tls.sh` (it wasn't used) * Remove `scripts/pulsar/upload_tls.sh` since we are not uploading any certs * Update the `helm.sh` test script * Update the `.ci/clusters` configurations to generate the relevant cert manager manifests ### Verifying this change - [ ] Make sure that the change passes the CI checks.
devinbost · Oct 19, 2022 · 62a0d2b · 62a0d2b
1 parent 816d88c
commit 62a0d2b
Show file tree

Hide file tree

Showing 34 changed files with 16 additions and 1,011 deletions.
diff --git a/.ci/clusters/values-bk-tls.yaml b/.ci/clusters/values-bk-tls.yaml
@@ -67,7 +67,8 @@ tls:
   bookie:
     enabled: true
 
-# disable cert manager
+# enable cert-manager
 certs:
   internal_issuer:
-    enabled: false
+    enabled: true
+    type: selfsigning
diff --git a/.ci/clusters/values-broker-tls.yaml b/.ci/clusters/values-broker-tls.yaml
@@ -69,7 +69,8 @@ tls:
   broker:
     enabled: true
 
-# disable cert-manager
+# enable cert-manager
 certs:
   internal_issuer:
-    enabled: false
+    enabled: true
+    type: selfsigning
diff --git a/.ci/clusters/values-tls.yaml b/.ci/clusters/values-tls.yaml
@@ -73,7 +73,8 @@ tls:
   zookeeper:
     enabled: true
 
-# disable cert-manager
+# enable cert-manager
 certs:
   internal_issuer:
-    enabled: false
+    enabled: true
+    type: selfsigning
diff --git a/.ci/clusters/values-zk-tls.yaml b/.ci/clusters/values-zk-tls.yaml
@@ -67,7 +67,8 @@ tls:
   zookeeper:
     enabled: true
 
-# disable cert manager
+# enable cert-manager
 certs:
   internal_issuer:
-    enabled: false
+    enabled: true
+    type: selfsigning
diff --git a/.ci/clusters/values-zkbk-tls.yaml b/.ci/clusters/values-zkbk-tls.yaml
@@ -69,7 +69,8 @@ tls:
   bookie:
     enabled: true
 
-# disable cert manager
+# enable cert-manager
 certs:
   internal_issuer:
-    enabled: false
+    enabled: true
+    type: selfsigning
diff --git a/.ci/helm.sh b/.ci/helm.sh
@@ -105,9 +105,9 @@ function ci::install_pulsar_chart() {
 
     echo "Installing the pulsar chart"
     ${KUBECTL} create namespace ${NAMESPACE}
+    ci::install_cert_manager
     echo ${CHARTS_HOME}/scripts/pulsar/prepare_helm_release.sh -k ${CLUSTER} -n ${NAMESPACE} ${extra_opts}
     ${CHARTS_HOME}/scripts/pulsar/prepare_helm_release.sh -k ${CLUSTER} -n ${NAMESPACE} ${extra_opts}
-    ${CHARTS_HOME}/scripts/pulsar/upload_tls.sh -k ${CLUSTER} -n ${NAMESPACE} -d ${PULSAR_HOME}/.ci/tls
     sleep 10
 
     echo ${HELM} install --set initialize=true --values ${value_file} ${CLUSTER} ${CHARTS_HOME}/charts/pulsar

diff --git a/.ci/tls/certs/ca.cert.pem b/.ci/tls/certs/ca.cert.pem
diff --git a/.ci/tls/private/ca.key.pem b/.ci/tls/private/ca.key.pem
diff --git a/.ci/tls/servers/bookie/bookie.cert.pem b/.ci/tls/servers/bookie/bookie.cert.pem
diff --git a/.ci/tls/servers/bookie/bookie.csr.pem b/.ci/tls/servers/bookie/bookie.csr.pem
diff --git a/.ci/tls/servers/bookie/bookie.key-pk8.pem b/.ci/tls/servers/bookie/bookie.key-pk8.pem
diff --git a/.ci/tls/servers/bookie/bookie.key.pem b/.ci/tls/servers/bookie/bookie.key.pem
diff --git a/.ci/tls/servers/broker/broker.cert.pem b/.ci/tls/servers/broker/broker.cert.pem
diff --git a/.ci/tls/servers/broker/broker.csr.pem b/.ci/tls/servers/broker/broker.csr.pem
diff --git a/.ci/tls/servers/broker/broker.key-pk8.pem b/.ci/tls/servers/broker/broker.key-pk8.pem